njrat | onetapcc[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

onetapcc.exe
Size

23KB
MD5

c7fe6461ab1eedc848c97887f7acc1fd
SHA1

a1746acbe3c6a67a0b53cbf305f8f4e841d6a349
SHA256

6864c95fa9fab28a45538743582fd8416d6dbd0220a5d18c3c9cdd7a3f89fa33
SHA512

e14eb165ad9b98684ed99093da3d6ccf112c6d23fe3a2f2d9eb35cda58f477e12cf9271b9a5ae1a24365a5c8a125a5d2bfb09a64eabb2a0ae21bdc622fe46dc3
SSDEEP

384:3c6CqbFYh3odrVCGiHssDB4b6i6fgpEupNXRmRvR6JZlbw8hqIusZzZGGa:MIU0tw3Rpcnu7d

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

insurance-smith.gl.at.ply.gg:54779

Mutex

3dcef34885ca46282a173f90b56bcae7

Attributes

reg_key
3dcef34885ca46282a173f90b56bcae7
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
onetapcc.exe

Files

onetapcc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ